
How do I configure a custom rule to allow a specific host name in AWS WAF?


I want to create a custom rule that allows only requests with a specific host name to access my AWS WAF application.

Resolution

To limit access to your application, create custom rules that match on request headers, such as the Host header. A rule can either allow traffic for a specific host name, or block traffic that isn't for that host name.

Allow traffic for a specific host name

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane for Manage rules choose Add rules.
  8. Choose Create new rule.
  9. Choose Custom rule and select Next.
  10. Choose Add my own rules and rule groups.
  11. Add the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name for the rule.
    For Type, choose Regular rule.
    For If a Request, choose Matches the statement.
    For Inspect, choose Single header.
    For Header field name, choose Host.
    For Match type, choose Exactly matches String.
    For String to match, enter the host name.
    (Optional) Choose a text transformation, or choose None.
    For Action, choose Allow.
  12. Choose Add Rule.
  13. For Set Rule Priority, select your rule and then update its priority. For more information, see Setting rule priority.
  14. Choose Save.

Block traffic that isn't for a specific host name

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane for Manage rules choose Add rules.
  8. Choose Create new rule.
  9. Choose Custom rule and select Next.
  10. For Rule Type, choose Custom rule and select Next.
  11. Add the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name for the rule.
    For Type, choose Regular rule.
    For If a Request, choose Doesn't match the statement (NOT).
    For Inspect, choose Single header.
    For Header field name, choose Host.
    For Match type, choose Exactly matches String.
    For String to match, enter your host name. Because the statement is negated, the rule matches every request whose Host header isn't that host name.
    (Optional) Choose a text transformation, or choose None.
    For Action, choose Block.
  12. Choose Add Rule.
  13. For Set Rule Priority, select your rule and then update its priority. For more information, see Setting rule priority.
  14. Choose Save.

It's a best practice to use logical rule statements to combine string match statements with other statement types, such as IP set match and geographic match.
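The two console procedures above produce WAFv2 rules that you can also see in the console's rule JSON editor. The following added example (not code from the AWS article or from AWS) builds both rules as that JSON and evaluates them locally against constructed request headers, so you can check the behaviour before attaching the rule to a web ACL. The rule names, metric names and the `evaluate_web_acl` function are assumptions for this example; the evaluator is a simplified local approximation of AWS WAF's matching, not the service itself. It also shows two caveats a practitioner hits in practice: an Allow rule only changes anything when the web ACL's default action is Block, and the Exactly matches comparison is byte-for-byte, so a client that sends `EXAMPLE.COM` is not matched unless you add the LOWERCASE text transformation (and write the search string in lowercase).

```python
"""Build and locally evaluate the 'allow host' and 'block other hosts' WAFv2 rules.

Added example, not AWS's own code. The rule JSON shape (ByteMatchStatement,
NotStatement, FieldToMatch.SingleHeader, TextTransformations, VisibilityConfig)
is the real WAFv2 schema; the local evaluator is a simplified approximation.
"""
import json
from typing import Dict, List, Optional

# Real WAFv2 TextTransformation types; only the two used here are modelled.
_TRANSFORMS = {
    "NONE": lambda s: s,
    "LOWERCASE": lambda s: s.lower(),
}


def host_match_statement(hostname: str, transform: str = "LOWERCASE") -> Dict:
    """'Inspect: Single header / Host / Exactly matches string' from the steps.

    WAF transforms only the request field, never SearchString, so with
    LOWERCASE the hostname you supply must already be lowercase.
    """
    return {
        "ByteMatchStatement": {
            "SearchString": hostname,
            "FieldToMatch": {"SingleHeader": {"Name": "host"}},
            "TextTransformations": [{"Priority": 0, "Type": transform}],
            "PositionalConstraint": "EXACTLY",
        }
    }


def _visibility(metric_name: str) -> Dict:
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def allow_host_rule(hostname: str, priority: int = 0, transform: str = "LOWERCASE") -> Dict:
    """First procedure: allow requests whose Host header exactly matches hostname."""
    return {
        "Name": "AllowSpecificHost",          # assumed name
        "Priority": priority,
        "Statement": host_match_statement(hostname, transform),
        "Action": {"Allow": {}},
        "VisibilityConfig": _visibility("AllowSpecificHost"),
    }


def block_other_hosts_rule(hostname: str, priority: int = 0, transform: str = "LOWERCASE") -> Dict:
    """Second procedure: block requests whose Host header does NOT match hostname."""
    return {
        "Name": "BlockOtherHosts",            # assumed name
        "Priority": priority,
        "Statement": {"NotStatement": {"Statement": host_match_statement(hostname, transform)}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility("BlockOtherHosts"),
    }


def _statement_matches(statement: Dict, headers: Dict[str, str]) -> bool:
    """Local approximation of WAF evaluation for the two statement kinds used here."""
    if "NotStatement" in statement:
        return not _statement_matches(statement["NotStatement"]["Statement"], headers)
    bm = statement["ByteMatchStatement"]
    wanted = bm["FieldToMatch"]["SingleHeader"]["Name"].lower()
    # Header names are case-insensitive; a request with no Host header never matches.
    value: Optional[str] = next((v for k, v in headers.items() if k.lower() == wanted), None)
    if value is None:
        return False
    for t in sorted(bm["TextTransformations"], key=lambda t: t["Priority"]):
        value = _TRANSFORMS[t["Type"]](value)
    if bm["PositionalConstraint"] != "EXACTLY":
        raise ValueError("only EXACTLY is modelled in this example")
    return value == bm["SearchString"]


def evaluate_web_acl(rules: List[Dict], default_action: str, headers: Dict[str, str]) -> str:
    """Return 'ALLOW' or 'BLOCK': the lowest-priority matching rule decides, else the default."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if _statement_matches(rule["Statement"], headers):
            return "ALLOW" if "Allow" in rule["Action"] else "BLOCK"
    return default_action


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [{"Host": "example.com"}, {"host": "EXAMPLE.COM"},
               {"Host": "example.com:8080"}, {"Host": "evil.example"}, {}]
    print(json.dumps(allow_host_rule("example.com"), indent=2))
    for h in samples:
        print(h, "allow-rule + default BLOCK:",
              evaluate_web_acl([allow_host_rule("example.com")], "BLOCK", h),
              "| block-rule + default ALLOW:",
              evaluate_web_acl([block_other_hosts_rule("example.com")], "ALLOW", h))
```

Note that `example.com:8080` is blocked by both rules: a Host header that carries a port is not an exact match, so decide whether that is the behaviour you want before choosing Exactly matches over a starts-with or ends-with constraint.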

Related information

Logging AWS WAF web ACL traffic

How AWS WAF labeling works

AWS OFFICIAL. Updated 4 months ago.